Right now we use sanitizer (stable package) to call a virus scanner and to strip script,img, style, etc tags
We're thinking of switching to amavisd-new (unstable) and clamav (testing) because while sanitizer strips out the virus, it still passes the junk message through. We'd like to be able to drop virus infected messages to the floor. Another (very minor) consideration is that sanitizer is not a daemon and pays a speed penalty every time it is launched. The problem I see looking at the docs is that amavisd-new doesn't strip out potentially evil html. The direction, we're drifting is to run sanitizer after amavisd-new. (I think postfix can run filters in sequence)
